Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...

KLA11703 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability i...

Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2020-0634)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

OSIsoft PI Vision

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: OSIsoft LLC Equipment: PI Vision Vulnerabilities: Improper Access Control, Cross-site Request Forgery CSRF, Cross-site Scripting, Inclusion of Sensitive Information in Log Files 2. RISK EVALUATION...

KB4534312: Windows Server 2008 January 2020 Security Update

The remote Windows host is missing security update 4534312 or cumulative update 4534303. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Common Log File System CLFS driver when it fails to properly handle objects in memory. ...

KB4534271: Windows 10 Version 1607 and Windows Server 2016 January 2020 Security Update

The remote Windows host is missing security update 4534271. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in Windows Remote Desktop Gateway RD Gateway when an unauthenticated attacker connects to the target system using RDP and sends...

CVE-2012-4767

An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine...

OPENSUSE-SU-2020:0020-1 Security update for shibboleth-sp

This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files bsc1157471. This update was imported from the SUSE:SLE-15:Update update project...

LNAV - Log File Navigator

The log file navigator, lnav, is an enhanced log file viewer that takes advantage of any semantic information that can be gleaned from the files being viewed, such as timestamps and log levels. Using this extra semantic information, lnav can do things like interleaving messages from different...

Mellow Fish YetiShare Cross-Site Scripting Vulnerability (CNVD-2020-00223)

Mellow Fish YetiShare is a PHP-based file hosting web system script from Mellow Fish UK. A cross-site scripting vulnerability exists in the logfileviewer.php file in Mellow Fish YetiShare versions 3.5.2 through 4.5.3. The vulnerability stems from a lack of proper validation of client-side data by...

CVE-2019-19738

logfileviewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS...

ZTE ZXCLOUD GoldenData VAP Information Disclosure Vulnerability

ZTE ZXCLOUD GoldenData VAP is a set of big data solutions from ZTE Corporation ZTE, China. A security vulnerability exists in ZTE ZXCLOUD GoldenData VAP versions prior to 4.01.01.02. An attacker can exploit the vulnerability to gain unauthorized access to log file information and leak sensitive...

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

Denial of service

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...

CVE-2019-8463

A denial of service vulnerability was reported in Check Point Endpoint Security Client for Windows before E82.10, that could allow service log file to be written to non-standard locations...

CVE-2019-3429

All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have a file reading vulnerability. Attackers could obtain log file information without authorization, causing the disclosure of sensitive information...

SUSE-SU-2019:3386-1 Security update for shibboleth-sp

This update for shibboleth-sp fixes the following issues: Security issue fixed: - CVE-2019-19191: Fixed escalation to root by fixing ownership of log files bsc1157471...

F5 BIG-IP APM Log Leakage Vulnerability

F5 BIG-IP APM is a suite of access and security solutions from F5 USA. The product provides unified access to business-critical applications and networks. A security vulnerability exists in F5 BIG-IP APM versions 15.0.0 through 15.0.1, 14.1.0 through 14.1.2, and 14.0.0 through 14.0.1, which stems...

CVE-2019-19264

In Simplifile RecordFusion through 2019-11-25, the logs and hist parameters allow remote attackers to access local files via a logger/logs?/../ or logger/hist?/../ URI...